Debian 4.0 DSA-1535-1 Critical Remote Threats in Iceweasel
debian
March 30, 2008
Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser
Summary
Peter Brodersen and Alexander Klink discovered that the
autoselection of SSL client certificates could lead to users
being tracked, resulting in a loss of privacy.
CVE-2008-1233
"moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
CVE-2007-5338 allow the execution of arbitrary code through
XPCNativeWrapper.
CVE-2008-1234
"moz_bug_r_a4" discovered that insecure handling of event
handlers could lead to cross-site scripting.
CVE-2008-1235
Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
that incorrect principal handling can lead to cross-site
scripting and the execution of arbitrary code.
CVE-2008-1236
Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
Palmgren discovered crashes in the layout engine, which might
allow the execution of arbitrary code.
CVE-2008-1237
"georgi", "tgirmann" and Igor Bukanov discovered crashes in the
Javascript engine, which might allow the executio...
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!